Ask Slashdot: Patch Management For Offline Customer Systems?

New submitter Nillerz writes: What, in your experience, is generally the best way to distribute patches in a way so customers can download them, considering that the machines are offline? Are there any software packages (open source preferred) that pretty much allow engineers to upload a patch with a description to a web server, and allow customers with credentials that are registered in LDAP to browse and download them quickly? And if not, how do you distribute patches to air-gapped machines?

Re:Is there even a reason to patch airgapped machi

[El_Muerte_TDS]

To fix non-security related bugs.

Re:sneakernet

[techno-vampire]

Ship encrypted files on flash with instructions for them to call when the media arrives.

No. Not on flash. Flash can be intercepted and modified. Send it on a CD/DVD that's not rewritable, and send a hardcopy of the MD5 hash in a second package. Then, before running the update, calculate the hash and compare it by eye with the hardcopy. I won't say that it's impossible for anybody to slip an infection past this, but it's not going to be easy, especially if you send the two parts of the message by different companies.